Add a histogram entry for same-site but cross-origin downloads

This CL adds a new bucket to Download.InitiatedByWindowOpener to
indicate that a download is initiated by a same-site but
cross-origin opener of that tab. E.g., if a tab
subdomain1.example.com opens another tab subdomain2.example.com and
then navigates it to a download, this CL will now record the download
as kSameSite instead of kCrossOrigin.

This is added because latest number from Canary for the kCrossOrigin
bucket is unexpectedly large. I suspect this is caused by sites serving
their downloads on subdomains. This would previously go to the
kCrossOrigin bucket but it now goes under kSameSite bucket.

Bug: 121259
Change-Id: Idf142448b052a342df057982cfb79b0669fbd229
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2065252
Auto-Submit: Mustafa Emre Acer <meacer@chromium.org>
Reviewed-by: Min Qin <qinmin@chromium.org>
Commit-Queue: Min Qin <qinmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#743183}

content/browser/download/download_manager_impl.cc

@@ -71,6 +71,7 @@
 #include "mojo/public/cpp/bindings/self_owned_receiver.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/load_flags.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "services/metrics/public/cpp/ukm_source_id.h"
@@ -1209,8 +1210,16 @@ void DownloadManagerImpl::InterceptNavigationOnChecksComplete(
     if (opener) {
       if (opener->GetLastCommittedOrigin() !=
           render_frame_host->GetLastCommittedOrigin()) {
-        UMA_HISTOGRAM_ENUMERATION("Download.InitiatedByWindowOpener",
-                                  InitiatedByWindowOpenerType::kCrossOrigin);
+        if (net::registry_controlled_domains::SameDomainOrHost(
+                opener->GetLastCommittedOrigin(),
+                render_frame_host->GetLastCommittedOrigin(),
+                net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
+          UMA_HISTOGRAM_ENUMERATION("Download.InitiatedByWindowOpener",
+                                    InitiatedByWindowOpenerType::kSameSite);
+        } else {
+          UMA_HISTOGRAM_ENUMERATION("Download.InitiatedByWindowOpener",
+                                    InitiatedByWindowOpenerType::kCrossOrigin);
+        }
       } else {
         UMA_HISTOGRAM_ENUMERATION("Download.InitiatedByWindowOpener",
                                   InitiatedByWindowOpenerType::kSameOrigin);

content/browser/download/download_manager_impl.h

@@ -48,8 +48,12 @@ class DownloadItemImpl;
 // Entries should not be renumbered and numeric values should never be reused.
 enum class InitiatedByWindowOpenerType {
   kSameOrigin = 0,
+  // Download URL and the initiator are cross origin.
   kCrossOrigin = 1,
-  kMaxValue = kCrossOrigin
+  // Download URL and the initiator are cross origin but same site (i.e. same
+  // eTLD+1).
+  kSameSite = 2,
+  kMaxValue = kSameSite
 };
 
 namespace content {

tools/metrics/histograms/enums.xml

@@ -16336,6 +16336,10 @@ to ensure that the crash string is shown properly on the user-facing crash UI.
   <int value="1" label="Cross Origin">
     window.opener is cross origin to the top frame of this download.
   </int>
+  <int value="2" label="Same Site">
+    window.opener is cross origin but same site to the top frame of this
+    download (e.g. google.com vs subdomain.google.com).
+  </int>
 </enum>
 
 <enum name="DownloadInProgressDBCountType">